SESSION + Live Q&A
Designing Secure Architectures the Modern Way, Regardless of Stack
This talk aims to attack two typical conflicts any security architect is well familiar with:
1. Most of the design thinking for preventing security incidents and performance bottlenecks focuses on avoiding known risks in a known way. However, most of the time this approach leads to cost-efficient systems that are prone to unexpected failures and attack chaining.
2. Most of risk treatment choices for both reliability and security focus on "this stack is able to do X in a certain way and no other way around": the capabilities within each technological stack to cope with risks it's facing is limited by pre-defined feature set.
The solution? Focusing on the risk assets, and designing defenses around asset lifecycle in a way that easily translates to any technological stack.
Eugene will share his experience of implementing sophisticated defenses in constrained environments - ranging from protecting huge power grid SCADA networks to improving end-to-end encryption in small mobile applications - and why designing it properly is what counts when limitations are constraining any easy answers one may find.
Speaker

Eugene Pilyankevich
CTO @cossacklabs, Building Applied Cryptographic / Data Security Tooling
Eugene is CTO at Cossack Labs, a data security engineering company, where his job includes almost everything (as you can imagine a CTO of a small company does): defining product strategy, designing internal products and customer solutions, driving R&D efforts, ensuring the steady cycle...
Read moreFrom the same track
Reconciling Performance and Security in High Load Environments
Most perceive security fixes and improvements as a necessary evil, because security is much “less tangible” than primary product functionality in terms of potential revenue. On top of not bringing any “meaningful” value to the overall system, security comes at a cost of...

Ignat Korchagin
Cryptographer, & Security Software Engineer @Cloudflare
Keep Calm and Secure Your CI/CD Pipeline
Shifting left significantly reduces costs and diminishes release delays. Continuous security validation should be added at each step from development through production to help ensure the application is always secure. We can then switch the conversation with the security team from approving each...

Sonya Moisset
Lead Security Engineer @Photobox / Tech Lead @PrideInLondon
Security Vulnerabilities Decomposition
In most companies security is driven by compliance regulations. The policies are designed to contain the CWEs each company is interested to comply with. The result of this approach is a high number of insecure applications are still produced and injection is still King. Is there another way...

Katy Anton
Principal Application Security Consultant @Veracode
The Quantum Risk & Future Post-Quantum Standards
This talk will describe the risk of quantum computing to cryptography, in a way suitable to an audience without quantum physics nor cryptography background. We will present the mitigations available today thanks to research in the field of post-quantum cryptography, and we'll...

Jean-Philippe Aumasson
Author of "Serious Cryptography", Designer of Hash Functions BLAKE3 and BLAKE2